During an interview at the DLD Conference in Munich on Monday, Nest CEO Tony Fadell said that the company will make all future privacy policy changes under Google opt-in and that it will be transparent about those changes. Fadell's statement follows Google’s acquisition of Nest, a smart home products company, for $3.2 billion, which has raised some questions about how Google might put the company—and its data—to use.

Further Reading

“The data we collect is all about our products and improving them,” Fadell said, reiterating a statement he issued about the company's smart thermostat and smart smoke detector following the announcement of the acquisition. “If there were ever any changes whatsoever, we will be sure to be transparent about it, number one, and number two, for you to opt in to it.”

The “number one” promise is consistent with Google’s approach to changing privacy policies, particularly in the last couple of years. When Google unified the privacy policies of all its products so that it could share data between services (for instance, Gmail and Google Calendar), it placed a notification bar on its homepage.

During his interview, Fadell tended to focus on the present when addressing Nest’s privacy policy, saying, “At this point there are no changes.” But current privacy policies are a poor predictor of future privacy policies.

Consider the evolution of privacy and data use policies at Facebook. At first, Facebook was completely siloed from search engines, and it was possible for users to be completely invisible to other users who were not their friends. Now Facebook is jockeying to come up as search engine results. All users’ names and photos are publicly accessible, and everyone must be searchable. Not only that, but Facebook data is now sold to third parties, often for marketing purposes.

An OG Nest owner who bought one of the thermostats when Nest wasn’t part of the Google Island archipelago may well be entitled to opt in to privacy changes. But it’s unclear how the promise for opt-in privacy changes might affect future customers.

If Nest changes its privacy tune in the near future so that, for instance, anonymized data may be shared with third parties like marketers, all users who buy a Nest after the fact will be automatically “opted in” to that data-sharing climate. It seems less likely that any opt-in to share data about Nest with anyone but Nest would be preserved for all future customers.

Fadell’s statements may allay the concerns of current Nest owners who have worried about the potential for their thermostats and smoke detectors to turn into the tentacles of Big Brother. But Nest's privacy commitments speak only to Nest as it stands now; the Nest of the future still has the potential to operate differently.

Laurie Segall, the CNNMoney technology correspondent who interviewed Fadell, tried to clarify that Nest would not start feeding her ads about sweaters because it knows she is cold all the time. “Not that I know of, no,” said Fadell, smiling.

“Can you promise?” Segall asked.

Fadell laughed. “If we ever change it, I’ll let you know.”

Promoted Comments

As a current Nest owner, it's not that I trusted Nest - trusting any corporation is a recipe for disaster. It's that, since they were only getting money from me for their devices, they had a clear interest in keeping me happy if they wanted to sell me future devices and maintain positive PR. Google, on the other hand, has shown a willingness-to-the-point-of-seeming-eagerness to alienate small groups of users in order to pursue an overall agenda.

I was a very happy Nest customer until last week. For now, I'll keep my thermostat and smoke detector, and watch what Nest does very carefully. But I won't be buying any new products from them in the next few years, and I can't recommend their products as I have in the past.

Of all privacy challenges..i find it surprising that people are placing so much importance on Nest.

Allow me to paint you a picture: NEST lets Google know how many people are in my home (motion sensor on Protect), when we're active in the home (Protect and Thermostat), when we come and go (via settings in the app), and how much power we're using to heat or cool our home.

This information helps Google complete their picture of me, a picture they're selling to everyone and anyone. A picture I do not want sold.

People are placing so much importance on NEST because it takes Google from the realm of capturing my interests and purchases and puts it directly in my home, capturing information about how I live my life. Many users, tired of Google's growing reach, have decided enough is enough and we're drawing the line here.

He's sort of missing the point though. I shouldn't have to "opt in" or suddenly find my Nest thermostat obsolete. It's one thing to tell me to just quit using gmail or youtube if I don't agree with a privacy change. It's quite another to subject things about my *home* to instant replacement.

Why would I buy any product to install on my home if I have to worry about keeping up with EULA and TOS agreement "revisions"? The contract in effect when I bought the product should not be altered by Nest/google at their whim. Period.

Life is hard enough in trying to determine the privacy policies and implications of the things I'm currently purchasing or contemplating. Ain't nobody got time to constantly review and keep up with unilateral contract changes by counterparties to all *past* purchases.

Which is exactly why I'm not interested in any "smart" appliance. At any moment the terms could change to something like "all your base are belong to us" and my only recourse would be to buy a replacement from another company and hope they don't do the same thing tomorrow.

There's also the matter of smart devices that are abandoned by their manufacturers. What happens when my appliance with an expected lifespan of 20 years stops being supported after 4? Do I continue to use it and run the risk that someone will use my un-patched device to hack into my LAN? Or do all durable goods become disposable ones?

266 posts | registered Jan 12, 2007

Casey Johnston
Casey Johnston is the former Culture Editor at Ars Technica, and now does the occasional freelance story. She graduated from Columbia University with a degree in Applied Physics. Twitter@caseyjohnston

I have three questions: Since you're promising that future changes from the current policy will be "opt-in," how good is the current policy?

Are these promises contained in a legally binding and enforceable agreement, or are they just offhand remarks to an interviewer at a conference (and therefore pretty much meaningless)?

And, why would anyone buy a $250 thermostat (5x the cost of a decent one from Home Depot) knowing that while the current privacy situation might be acceptable, it's manufactured and designed by a division of one of the biggest privacy abusers in the history of mankind?

As a current Nest owner, it's not that I trusted Nest - trusting any corporation is a recipe for disaster. It's that, since they were only getting money from me for their devices, they had a clear interest in keeping me happy if they wanted to sell me future devices and maintain positive PR. Google, on the other hand, has shown a willingness-to-the-point-of-seeming-eagerness to alienate small groups of users in order to pursue an overall agenda.

I was a very happy Nest customer until last week. For now, I'll keep my thermostat and smoke detector, and watch what Nest does very carefully. But I won't be buying any new products from them in the next few years, and I can't recommend their products as I have in the past.

Of all privacy challenges..i find it surprising that people are placing so much importance on Nest.

Allow me to paint you a picture: NEST lets Google know how many people are in my home (motion sensor on Protect), when we're active in the home (Protect and Thermostat), when we come and go (via settings in the app), and how much power we're using to heat or cool our home.

This information helps Google complete their picture of me, a picture they're selling to everyone and anyone. A picture I do not want sold.

People are placing so much importance on NEST because it takes Google from the realm of capturing my interests and purchases and puts it directly in my home, capturing information about how I live my life. Many users, tired of Google's growing reach, have decided enough is enough and we're drawing the line here.

As a current Nest owner, it's not that I trusted Nest - trusting any corporation is a recipe for disaster. It's that, since they were only getting money from me for their devices, they had a clear interest in keeping me happy if they wanted to sell me future devices and maintain positive PR. Google, on the other hand, has shown a willingness-to-the-point-of-seeming-eagerness to alienate small groups of users in order to pursue an overall agenda.

I was a very happy Nest customer until last week. For now, I'll keep my thermostat and smoke detector, and watch what Nest does very carefully. But I won't be buying any new products from them in the next few years, and I can't recommend their products as I have in the past.

Which is why Google will bide its time, and selling Nest to Google was a bad idea from a company standpoint. Sure, the owner got rich, and the workforce wasn't laid off, but people will be skeptical for some time since, as the article describes, Google has already shown us its "auto-opt-in" policy, and relentless ad-space sales.

A couple of years without incident will allow complacency to let them creep in for the sweater ads.

He's sort of missing the point though. I shouldn't have to "opt in" or suddenly find my Nest thermostat obsolete. It's one thing to tell me to just quit using gmail or youtube if I don't agree with a privacy change. It's quite another to subject things about my *home* to instant replacement.

Why would I buy any product to install on my home if I have to worry about keeping up with EULA and TOS agreement "revisions"? The contract in effect when I bought the product should not be altered by Nest/google at their whim. Period.

Life is hard enough in trying to determine the privacy policies and implications of the things I'm currently purchasing or contemplating. Ain't nobody got time to constantly review and keep up with unilateral contract changes by counterparties to all *past* purchases.

Given Google's recent record, this really echoes Cisco's purchase of the Flip camera in 2009. The good news is that the Flip standalone video camera was soon rendered obsolete by improved smart phone video cameras. The market for a connected thermostat or smoke detector is still there. It has been demonstrated. I'm figuring that we'll see the niche filled.

P.S. I was seriously considering buying a Nest, but there is no way I'd consider it now.

Comparatively speaking, my heating and cooling habits are small-potatoes. Google reads my emails, tracks my purchases, knows when I am online and when I'm not. It knows who I send email to and who sends email to me.

Facebook data is now sold to third parties, often for marketing purposes.

What do you mean by this? Do you mean Facebook allows advertisers to run ads to subsets of users who match certain criteria, or that Facebook sells bulk data or 'lists' to third parties to use as they wish?

These are very different things. I think it's misleading to call the former "selling data to third parties".

Nest shot themselves in the foot with this sale. I'm sure Tony made out like a bandit but I'm not too hopeful for the future of Nest products. For me this is a big red flag. I was actually considering getting their smoke detector but not anymore.

It's weird that you can purchase a product and then the privacy policy can change on you. If you paid $300 for the Nest, and then they said they would make a public webpage that says whether or not you're home, could you demand a refund? Where is the boundary to where the product isn't what you paid for anymore?

If Tony is unaware as a CEO of Nest (and former Apple employee) about how Google operates their business by selling people as nothing more than data points and product, he's even stupider than I am.

The best way to put this to you is in the words of one tweet I saw on a website ... I invited Nest into my home, not Google.

I don't use Google's products for anything and your company's acquisition by them has now brushed you with the same brush with which I paint Google. I've changed my Nest contact email to a spam one, taken the device offline, removed my iPad app, and as soon as a themostat even remotely similar appears on the market (as it will, because you're well aware of Christensen's rules of disruptive innovation) yours is getting removed from my wall. I'm pleased that you're now even richer than before. Too bad your wealth can't buy my ethics, and apparently blinds you to the reality that many of us see.

He does know that since he was bought his word means nothing, right? Google WILL abuse this data. There's zero doubt that Google will use the data they collect in a manner they see fit and most people won't like it. It's what Google does, and how Google's business plan operates. Gather data, so whatever the hell they want with it, apologize and deny later. This statement is as worthless as his promise, he not in charge, he doesn't make the rules.

I hate this because it's getting harder and harder to get away from Google. I don't want to be a part of anything they do anymore except YouTube, but I can't get away from them at all. Even if you don't have a single account with them they can still gather an uncomfortable amount of information about you and the bigger they get, the more they can use that to a degree that you can't control. I really don't like this company, and having this guy try and defend their actions is just icing on the cake. Google is getting too big, too invasive and too dismissive about what people want from them.

He's sort of missing the point though. I shouldn't have to "opt in" or suddenly find my Nest thermostat obsolete. It's one thing to tell me to just quit using gmail or youtube if I don't agree with a privacy change. It's quite another to subject things about my *home* to instant replacement.

Why would I buy any product to install on my home if I have to worry about keeping up with EULA and TOS agreement "revisions"? The contract in effect when I bought the product should not be altered by Nest/google at their whim. Period.

Life is hard enough in trying to determine the privacy policies and implications of the things I'm currently purchasing or contemplating. Ain't nobody got time to constantly review and keep up with unilateral contract changes by counterparties to all *past* purchases.

Which is exactly why I'm not interested in any "smart" appliance. At any moment the terms could change to something like "all your base are belong to us" and my only recourse would be to buy a replacement from another company and hope they don't do the same thing tomorrow.

There's also the matter of smart devices that are abandoned by their manufacturers. What happens when my appliance with an expected lifespan of 20 years stops being supported after 4? Do I continue to use it and run the risk that someone will use my un-patched device to hack into my LAN? Or do all durable goods become disposable ones?

In fairness, it says:Over time, Nest may provide the opportunity for you to interface Nest Products to one or more third party products and services, which will involve the exchange of information from your Nest Product. Your explicit consent and authorization will be required for this interface, and will be revocable by you at any time.

So that part is already in there, any integration with the products must be opt-in. This could in principle change for products sold in the future, if they change the policy.

Note that this does not apply to other terms of the privacy statement, e.g. the privacy policy says they don't sell their customer lists e.g. for marketing purposes, but there's no protection against that part changing. Anyway, that's somewhat moot since they didn't have to sell it for a giant advertising company to get access.

Quote:

And, why would anyone buy a $250 thermostat (5x the cost of a decent one from Home Depot) knowing that while the current privacy situation might be acceptable, it's manufactured and designed by a division of one of the biggest privacy abusers in the history of mankind?

I don't think it's a fair comparison to a $50 thermostat, there are significant functional differences. You have to compare to something with connectivity at least. That puts it probably in the $100-150 range, minimum, possibly more.

This is why I never bought into the whole Nest "Experience". Sure, it makes doing a thing easier, but it was a thing I found rather easy with current tech (i.e. managing power/heat in home). The extra connectivity and features were just gravy. They weren't necessary to me and therefore the added complexity wasn't much more than a new vector for equipment failure or security breach.

Anyway I hope Google actually does something cool with this tech. I also hope that users can choose their level of connectivity with said tech.

this 'opt-in' is the opposite of what google normally does. GMail->used to be opt-in for G+, no more. Messaging from other g+ users: opt-out. And privacy policy changes are "opt-in" in the sense that "continuing to use our service means you agree to bend over".

I will be surprised if I won't be required to use a G+ account to be able to link my Nest thermostat to the Nest iOS app.

I find it insulting when someone who just sold his company for $3.2 billion tries to promise us nothing will change. There's only one buyer on the planet that can pay that much with the intention that nothing changes, and his last name is Buffett.

Google has systematically shown that the only thing they care about is what they can milk out of the company for their own purposes, which are delivering more ads and selling more data about people. They have no problem announcing services with much fanfare only to shut them down, buy companies with userbases only to discard software that is still in use, and most outrageous - buy a company for its data and sell back its name as an empty shell once it's done with it (Zagat).

It takes either an ignorant person (or a fool) to like such a company in any way. Google is employing all of the worst corporate tactics with complete disregard for people.

It's one thing changing the privacy policy of a website you've never paid for. I am free to abandon the site and find another -- no money lost (at least not on payments to the site). It's another when you plunk down $250 for each thermostat and find out that a privacy policy you've originally agreed to has changed.

So, what happens if the Nest privacy policy changes, or Nest starts sharing data with Google in ways I never thought would happen when I first bought my thermostats?

I smell a class action suit and an embarrassing trial if Google/Nest isn't careful.

The concern is legitimate, but it must be noted that the loudest voices of those writing about the Nest/Google privacy implications tend to lean Apple in their personal use. Is there this much negativity from the Android leaning writers on and off of Ars?

Ron Amadeo posted a pretty vigorous defense and dismissal of these worries on his Google+ page not long after the merger was announced, but those opinions, when written up, seemed restrained when finally posted on Ars.

And since then, on Ars and off, the avalanche of commentary has been pretty much negative, as if there were no other side of the issue,